Complete direct client-to-client file transfers presents a major problem for clients that are behind a firewall or NAT. Proxy Accept Socket Service (PASS) enables clients to do real-time file transfers via a third party; in addition, it does not limit clients to file transfers but enables any two clients to create a raw TCP socket between them for any purpose, such as VoIP (SIP/RTP), BEEP, or binary game data.

The first step is to communicate with a PASS service to set it up.

600
]]>1.2.3.4
]]>

At this point, the PASS service is now listening on the given IP and port for incoming connections on behalf of the Jabber Entity. The provided IP and port can now be sent to any other entity as a connection point, for file transfers or any other use.

The default behavior for the PASS service is to listen on the port forever, unless the requesting client specifies an <expire/> value (in seconds). If the service is not configured with an expire value, it will not timeout the connection, and will start listening on the port again after one of the two sides disconnects.

Code

Message

Cause

502

No more ports available. Try again later.

The PASS service is listening on all of its available ports.

When an incoming connection is attempted to that IP and port, the PASS service MUST send an IQ request to the entity on whose behalf it is listening:

4.3.2.11.2.3.4
]]>
]]>

The entity SHOULD now immediately connect to the given proxy IP and port, and upon connection all data written to that socket will be copied to the client connection, and vice-versa. Any disconnect on either side MUST cause a disconnect on the other (initiated by the service). If the IQ set to the entity fails or returns an error, the client socket MUST be dropped as well. The client XML element provides the information about the remote end of the incoming socket.

Abuse in bandwidth or resources could become an issue, so PASS implementations SHOULD include strict and detailed rate and usage limits, allowing only limited usage by single entities and rate-limiting bandwidth used if necessary for both single connections or overall usage. These limits are implementation-specific.

A Jabber client can send various controls to the PASS service via the set to control how the PASS service behaves, how the server handles a listening port.

This tells the server to shut down the port after a specified number of seconds. After the timeout period, the PASS service MUST send an to the JID to tell it that the port has been closed down. It notifies the client with:

1.2.3.4
]]>
]]>

This tells the server to listen once, and then close the port. Even if the has not been met, the overrides that and shuts down the listening port. When this happens the server notifies the client with the following packet:

1.2.3.4
]]>
]]>

This tells the server to explicitly shut down a listening port. Useful for when the client shuts down and can tell the PASS service to recycle the port. The server sends back:

1.2.3.4
]]>
]]>

Code

Message

Cause

400

Missing specification.

Sent a w/o a

401

Port not registered to your JID.

You did not register this port with the server.

404

Port not found in registry.

The was not a defined port.

405

Proxy IP does not match.

The IP sent in the does not match the IP of the pass-service

The PASS protocol can be used for clients to talk to each other and find out information about each other. When a client wants to send a file to another client, it can use the jabber:iq:pass namespace to query the IP address of the other client. For example:

You send the other client:

]]>

The other client SHOULD send back:

4.3.2.1
]]>

Obviously the port is not going to be known, but the IP address will let you authenticate the JID via the PASS service since the PASS service tells you the information upon a connection.

When a server gets an Incoming Connection notification the client has the right to deny that connection based on the information that it receives. It can return an error to the PASS service specifying the port and hangup on the active connection and start listening again. This does not affect the control. For example:

The PASS service sends you:

4.3.2.11.2.3.4
]]>

Your client would send back:

4.3.2.11.2.3.4
]]>

Code

Message

Cause

401

Unauthorized

The incoming does not match the from the client you want to exchange data with.

This document requires no interaction with &IANA;.

No action on the part of the &REGISTRAR; is necessary as a result of this document, since 'jabber:iq:pass' is already a registered protocol namespace.

The protocol documented by this schema is defined in
XEP-0003: http://www.xmpp.org/extensions/xep-0003.html
]]>